问题
I wanted to read data from an azure app service's easy tables using REST API to an Intel Edison. Before I did the same using Azure Mobile Services and my code was this. PS: I'm programming the device by the Arduino IDE.
void send_request()
{
Serial.println("\nconnecting...");
if (client.connect(server, 80)) {
// POST URI
sprintf(buffer, "GET /tables/%s HTTP/1.1", table_name);
client.println(buffer);
// Host header
sprintf(buffer, "Host: %s", server);
client.println(buffer);
// Azure Mobile Services application key
sprintf(buffer, "X-ZUMO-APPLICATION: %s", ams_key);
client.println(buffer);
// JSON content type
client.println("Content-Type: application/json");
client.print("Content-Length: ");
client.println(strlen(buffer));
// End of headers
client.println();
// Request body
client.println(buffer);
}
else {
Serial.println("connection failed");
}
}
where server name was "genesis-iot-control.azure-mobile.net";
but now authentication has changed and mobile service has been replaced by app service. How can I access them using REST API on Intel Edison?
I had followed this lead but with no solutions.
Any kind of help is appreciated.
回答1:
The Application Key mechanism has been removed from Mobile Apps. You'll need to implement-your-own-header check.
See this article for more:
https://github.com/Azure/azure-mobile-apps-net-server/wiki/Implementing-Application-Key
In essence, you send a X-YOUR-CUSTOM-HEADER: SeCreT=
from your Edison and check its value against an Application Setting (defined in the Portal) in your Node/C# Mobile App backend code.
Yes, they should have kept the old mechanism going, disable it by default but allow us to turn it back on with an application setting.
An alternative to that would be to either get a Bearer token from Azure AD and use that with Authorization: Bearer ToKen=
(but that's eventually going to expire anyway unless you also take care of refreshing it), or build another Web App (or API endpoint in your current one) that you send a secret to, goes out to Azure AD and hands you the Bearer token.
OR if you're really in for a very entertaining afternoon, do the OAuth dance from your Edison!
A curl
sample here:
https://ahmetalpbalkan.com/blog/azure-rest-api-with-oauth2/
For a tiny 2KB memory device (like Arduino Uno), storing both Bearer token and refresh token in memory is already game over.
I'd be very interested to learn if anyone has a better/more efficient/more secure approach to do authentication from microcontrollers with Mobile Apps.
Example - using X-SECRET as your custom authentication header:
// Todoitem.js
var azureMobileApps = require('azure-mobile-apps');
// Create a new table definition
var table = azureMobileApps.table();
// Execute only if x-secret header matches our secret
table.read(function (context) {
// All header names are in lowercase in context.req.headers
console.info('Got x-secret header with value: ' +
context.req.headers['x-secret']);
if (context.req.headers['x-secret'] == process.env.SECRET) {
console.info('Secret matches value in App Settings.');
return context.execute();
}
});
// Removed CREATE, UPDATE, DELETE definitions for brevity.
// YOU NEED TO PROTECT THOSE METHODS AS WELL!
// Finally, export the table to the Azure Mobile Apps SDK - it can be
// read using the azureMobileApps.tables.import(path) method
module.exports = table;
Behavior as seen from curl
(needless to say you should use HTTPS if your Edison can do that):
$ curl -s -i http://{mobileapp}.azurewebsites.net/tables/todoitem \
-H "ZUMO-API-VERSION: 2.0.0"
HTTP/1.1 404 Not Found
...
X-Powered-By: Express
{"error":"The item does not exist"}
$ curl -s -i http://{mobileapp}.azurewebsites.net/tables/todoitem \
-H "ZUMO-API-VERSION: 2.0.0" \
-H "X-SECRET: SeCr3T="
HTTP/1.1 200 OK
...
X-Powered-By: Express
[
{
"id": "40b996d6-ec7f-4188-a310-0f02808e7093",
"createdAt": "2016-08-31T11:30:11.955Z",
...
"Yo_node":"Sup"
}
]
Using App Service Editor (Monaco / Visual Studio Online Editor) to code and check output - https://{mobileapp}.scm.azurewebsites.net/dev
来源:https://stackoverflow.com/questions/39536126/get-request-using-azure-app-services-and-intel-edison